Methods, systems and program products for classifying and storing a data handling method and for associating a data handling method with a data item

ABSTRACT

Under the present invention, a multidimensional data structure (MDS) is populated with data handling methods. Specifically, each data handling method is stored in the MDS at an address that corresponds to a set of coordinate values. The sets of coordinate values are determined using responses to a plurality of questions. Once the MDS is populated, a data item can then be associated with a particular data handling method using additional responses to the same plurality of questions that are posed with respect to the data item. Specifically, using the additional responses, a set of coordinate values is determined for the data item. The data item is then associated with the data handling method(s) that is stored in the MDS at the address corresponding to the data item&#39;s set of coordinate values.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention generally relates to methods, systems and programproducts for classifying and storing a data handling method, and forassociating a data handling method with a data item. By storing datahandling methods according to the present invention, consistent securityof associated data items is maintained.

2. Background Art

As computer technology continues to improve, the capability toefficiently disseminate data grows. Specifically, today, not only candata be shared within an organization over an internal network (e.g., aLAN, a WAN, a VPN, etc.), but it can also be shared with outsideorganizations over a public network (e.g., the Internet). With suchcapabilities, it is essential that data be handled in a consistent andsecure manner. In providing proper data security, many organizationsadopt a scale of data classifications. For example, an organizationmight classify data as either “public,” “confidential,” “secret,” or“top secret.” Each one of these classifications could have differentdata handling requirements. For example, data classified as “public”could be permitted to be left open on desks, taken out of the officebuilding, etc. Conversely, data classified as “top secret” might have tobe kept in locked cabinets, and made accessible only to specificpersonnel. In classifying data, many variations are possible. Forexample, an entire document could be classified under oneclassification. Alternatively individual data items (e.g., name,address, social security number, etc.) could be given their ownclassifications.

Problems arise, however, when organizations fail to specificallyenumerate the handling requirements for each data classification. Thisis especially problematic in that a given classification could meansomething different to two different individuals. For example,individual “A” might believe that he/she is permitted to take “topsecret” data home at night, while individual “B” might believe the samedata must remain in the office building. Discrepancies such as thisoccur not only within a single organization, but between differentorganizations as well. Moreover, even if an organization specificallyenumerates the handling requirements for each classification, theorganization must rely on the individuals to either: (1) remember thedifferent classifications and their corresponding handling requirements;or (2) take the initiative to manually consult the appropriate manualsto look up the handling requirements. In addition, since there is no“universal standard” of data handling requirements, differentorganizations could have different handling requirements for the samedata classifications. Such discrepancies are frequently the cause ofdangerous lapses in data security.

In view of the foregoing, there exists a need for methods, systems andprogram products for classifying and storing a data handling method, andfor associating a data handling method with a data item. Specifically, aneed exists for a data handling method to be stored within amultidimensional data structure according to responses to a plurality ofquestions. A further need exists for a data item to be associated withthe data handling method based on coordinate values that correspond tothe address in a multidimensional structure where the data handlingmethod is stored. Still yet, a need exists for the data item to betransmitted with the coordinate values of its associated data handlingmethod so that adherence to the data handling method is ensured.

SUMMARY OF THE INVENTION

In general, the present invention provides methods, systems and programproducts for classifying and storing a data handling method, and forassociating a data handling method with a data item. Specifically, underthe present invention a data handling method is stored at an address ina multidimensional data structure that has particular set of coordinatevalues. The particular coordinate values are determined based onresponses to a plurality of questions posed with respect to the datahandling method. Once the multidimensional data structure is populated,a set of coordinate values is determined for each data item. Typically,this is accomplished using additional response to the plurality ofquestions, which this time are posed with respect to the data item. Thedata item is then associated with the data handling method(s) that isstored at the address having the set of coordinate values that matchesthe data item's determined set of coordinate values.

According to a first aspect of the present invention, a method forclassifying and storing a data handling method is provided. The methodcomprises: (1) determining a set of coordinate values using responses toa plurality of questions in a questionnaire; and (2) storing the datahandling method in a multidimensional data structure at an addresscorresponding to the set of coordinate values.

According to a second aspect of the present invention, a method forassociating a data handling method with a data item is provided. Themethod comprises: (1) determining a set of coordinate values usingresponses to a plurality of questions posed with respect to the dataitem; (2) using the set of coordinate values to identify an address in amultidimensional data structure where the data handling method isstored; and (3) associating the data item with the data handling method.

According to a third aspect of the present invention, a system forclassifying and storing a data handling method is provided. The systemcomprises: (1) a method value system for determining a set of coordinatevalues using responses to a plurality of questions; and (2) a storagesystem for storing the data handling method in a multidimensional datastructure at an address corresponding to the set of coordinate values.

According to a fourth aspect of the present invention, a system forassociating a data handling method with a data item is provided. Thesystem comprises: (1) a data item value system for determining a set ofcoordinate values using responses to a plurality of questions posed withrespect to the data item, wherein the set of coordinate valuescorrespond to an address in a multidimensional data structure where thedata handling method is stored; and (2) an association system forassociating the data item with the data handling method based on the setof coordinate values.

According to a fifth aspect of the present invention, a program productstored on a recordable medium for classifying and storing a datahandling method is provided. When executed, the program productcomprises: (1) program code for determining a set of coordinate valuesusing responses to a plurality of questions; and (2) program code forstoring the data handling method in a multidimensional data structure atan address corresponding to the set of coordinate values.

According to a sixth aspect of the present invention, a program productstored on a recordable medium for associating a data handling methodwith a data item is provided. When executed, the program productcomprises: (1) program code for determining a set of coordinate valuesusing responses to a plurality of questions posed with respect to thedata item, wherein the set of coordinate values correspond to an addressin a multidimensional data structure where the data handling method isstored; and (2) program code for associating the data item with the datahandling method based on the set of coordinate values.

According to a seventh aspect of the present invention, a method forretrieving a data handling method stored from within a multidimensionaldata structure is provided. The method comprises: (1) receiving a dataitem and an associated set of coordinate values; and (2) retrieving thedata handling method from within the multidimensional data structureusing the associated set of coordinate values, wherein the associatedset of coordinate values corresponds to an address within themultidimensional data structure where the data handling method isstored.

According to an eighth aspect of the present invention, a system forretrieving a data handling method from within a multidimensional datastructure is provided. The system comprises: a reference system forretrieving the data handling method from within the multidimensionaldata structure using a set of coordinate values associated with a dataitem, wherein the set of coordinate values corresponds to an addresswithin the multidimensional data structure where the data handlingmethod is stored.

According to a ninth aspect of the present invention, a program productstored on a recordable medium for retrieving a data handling method fromwithin a multidimensional data structure is provided. When executed, theprogram product comprises program code for retrieving the data handlingmethod from within the multidimensional data structure using a set ofcoordinate values associated with a data item, wherein the set ofcoordinate values corresponds to an address within the multidimensionaldata structure where the data handling method is stored.

Therefore, the present invention provides methods, systems and programproducts for classifying and storing a data handling method, and forassociating a data handling method with a data item.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other features of this invention will be more readilyunderstood from the following detailed description of the variousaspects of the invention taken in conjunction with the accompanyingdrawings in which:

FIG. 1 depicts a set of interconnected organizations.

FIG. 2 depicts a system for classifying and storing a data handlingmethod, and for associating a data handling method with a data item,according to the present invention.

FIG. 3 depicts a multidimensional data structure, according to thepresent invention.

FIG. 4A depicts a more detailed diagram of the population system of FIG.2.

FIG. 4B depicts a more detailed diagram of the data item system of FIG.2.

FIG. 4C depicts a more detailed diagram of the security system of FIG.2.

The drawings are merely schematic representations, not intended toportray specific parameters of the invention. The drawings are intendedto depict only typical embodiments of the invention, and thereforeshould not be considered as limiting the scope of the invention. In thedrawings, like numbering represents like elements.

DETAILED DESCRIPTION OF THE INVENTION

As indicated above, the present invention provides methods, systems andprogram products for classifying and storing a data handling method, andfor associating a data handling method with a data item. Specifically,under the present invention a data handling method is stored at anaddress in a multidimensional data structure that has particular set ofcoordinate values. The particular coordinate values are determined basedon responses to a plurality of questions posed with respect to the datahandling method. Once the multidimensional data structure is populated,a set of coordinate values is determined for each data item. Typically,this is accomplished using additional responses to the plurality ofquestions, which this time are posed with respect to the data item. Thedata item is then associated with the data handling method(s) that isstored at the address having the set of coordinate values that matchesthe data item's determined set of coordinate values.

Referring now to FIG. 1, organizations 10, 12, and 14 are depicted. Intoday's business world, it is very common for data to be transferredbetween organizations such as those shown. For example, organizations10, 12 and 14 could represent three organizations along a supply chain.Alternatively, organizations 10, 12 and 14 could represent differentgroups/departments within the same company. In any event, it isfundamental that any handling requirements for data transferred betweenorganizations 10, 12 and 14 be maintained in a consistent manner.Specifically, for a given data item, organization 10, 12 and 14 shouldhandle the data identically.

Referring now to FIG. 2, a system for classifying and storing a datahandling method, and for associating a data handling method with a dataitem according to the present invention is shown. As depicted,organization 10 is shown as including computer system 18 andadministrator/architect 40. It should be understood that organization 10can include additional resources and/or personnel, and that thosespecifically shown in FIG. 2 are not intended to be limiting. Moreover,it should be understood that although not shown for brevity purposes,organizations 12 and 14 will also include various computing resourcesand personnel.

As shown, computer system 18 includes central processing unit (CPU) 20,memory 22, bus 24, input/output (I/O) interfaces 26 and externaldevices/resources 28. CPU 20 may comprise a single processing unit, orbe distributed across one or more processing units in one or morelocations, e.g., on a client and server. Memory 22 may comprise anyknown type of data storage including magnetic media, optical media,random access memory (RAM), read-only memory (ROM), a data cache, a dataobject, etc. Moreover, similar to CPU 20, memory 22 may reside at asingle physical location, comprising one or more types of data storage,or be distributed across a plurality of physical systems in variousforms. The computer system 18 also includes transmission media.

I/O interfaces 26 may comprise any system for exchanging informationto/from an external source. External devices/resources 28 may compriseany known type of external device, including speakers, a CRT, LEDscreen, hand-held device, keyboard, mouse, voice recognition system,speech output system, printer, monitor/display, facsimile, pager, etc.Bus 24 provides a communication link between each of the components incomputer system 18 and likewise may comprise any known type oftransmission link, including electrical, optical, wireless, etc. Inaddition, although not shown, additional components, such as cachememory, communication systems, system software, etc., may beincorporated into computer system 18.

Storage unit 30 can be any system (e.g., a database) capable ofproviding storage for data items 42 and a multidimensional datastructure (MDS) 44 under the present invention. As such, storage unit 30could include one or more storage devices, such as a magnetic disk driveor an optical disk drive. In another embodiment, storage unit 30includes data distributed across, for example, a local area network(LAN), wide area network (WAN) or a storage area network (SAN) (notshown). Storage unit 30 may also be configured in such a way that one ofordinary skill in the art may interpret it to include one or morestorage devices.

It should be understood that communication with computer system 18and/or between organizations 10, 12 and 14 can occur via a directhardwired connection (e.g., serial port), or via an addressableconnection in a client-server (or server-server) environment which mayutilize any combination of wireline and/or wireless transmissionmethods. In the case of the latter, the server and client may beconnected via the Internet, a wide area network (WAN), a local areanetwork (LAN), a virtual private network (VPN) or other private network.The server and client may utilize conventional network connectivity,such as Token Ring, Ethernet, WiFi or other conventional communicationsstandards. Where the client communicates with the server via theInternet, connectivity could be provided by conventional TCP/IPsockets-based protocol. In this instance, the client would utilize anInternet service provider to establish connectivity to the server.

Shown in memory 22 of computer system 18 are population system 32, dataitem system 34, security system 36 and transmission system 38. Under thepresent invention, population system 32 is used to populate MDS 44 withdata handling methods (e.g., as provided by administrator 40). A datahandling method is a set (e.g., one or more) of data handlingrequirements that corresponds to a data classification. For example, adata handling method for “top secret” data could be as follows: (1)authenticate a user name and password before providing access to thedata; (2) encrypt the data prior to transmission over a public network;and (3) do not permit downloading of the data.

Referring to FIG. 3, an illustrative MDS 44 is shown in greater detail.As depicted, MDS 44 is a three-dimensional matrix of cells 46. Theaddress of each cell 46 is denoted according to a set of coordinatevalues along the X-Y-Z axes, with each coordinate value corresponding toa possible response to a question in a questionnaire (as will be furtherdescribed below). For MDS 44, cell 48 has the coordinate values of(3,3,3). Similarly, cells 50 and 52 have the coordinates values of(3,1,1) and (1,2,3), respectively. Thus, each cell can be uniquelyreferenced according to its set of coordinate values. It should beunderstood that MDS 44 is shown as a 3×3×3 matrix for illustrativepurposes only, and that any quantity of cells could be implemented. Tothis extent, MDS 44 does not have to be square in shape. For example,MDS 44 could be rectangular (e.g., the quantity of cells along axis “X”of MDS 44 could be greater than the quantity of cells along axis “Y”).Moreover, MDS 44 could have a different quantity of dimensions. Forexample, MDS 44 could be a 3×3×3×3 matrix. Under the present invention,population system 32 will store each data handling method in one of thecells 46 of MDS 44. Since MDS 44 can have any quantity of cells, anyquantity of data handling methods can be accommodated (although itshould be understood that each cell need not be occupied). Moreover,each cell 46 could have one or more data handling methods storedtherein.

Referring now to FIGS. 2, 3 and FIG. 4A collectively, the functionalityof population system 32 will be described greater detail. As show inFIG. 4A, population system 32 includes method value system 60 andstorage system 62, which will populate MDS 44 with data handlingmethods. For example, assume that administrator 40 is attempting toestablish a medical billing system within organization 10. Administrator40 will define the various types of data items and data handling methodsthat will be utilized. As will be further explained below, administrator40 will typically utilize extended markup language (XML) or some otherlanguage that utilizes web protocols such as HTTP and SOAP inestablishing the billing system. This will allow the security of data tobe maintained irrespective of its transmission over a public network. Inany event, examples of types of data items include patient name,address, social security number, credit card information, etc. Asindicated above, each data handling method typically includes one ormore data handling requirements and pertains to a different dataclassification. For example, data handling method “A” could pertain to“public” data, while data handling method “B” could pertain to “topsecret” data. To this extent, each data handling method sought to beutilized will be stored in a particular cell within MDS 44.

In a typical embodiment, method value system 60 will determine theprecise cell for storing a data handling method based on responses to aplurality of questions in a questionnaire. Specifically, the datahandling method will be stored in at an address in MDS 44 correspondingto a particular set of coordinate values. The set of coordinate valuesare determined using responses to a plurality of questions in aquestionnaire that are posed with respect to the data handling method.For the 3×3×3 MDS 44 shown in FIG. 3, three questions that each havethree potential responses are utilized. Shown below is an example ofsuch a questionnaire.

-   (1) What are the disclosure requirements?

(1) anyone in public can have access

(2) only internal personnel can have access

(3) access is on a need to know basis

-   (2) Who owns the data?

(1) the organization

(2) licensed from another entity

(3) an individual outside of the organization

-   (3) What is the business context of the data?

(1) insurance

(2) financial services

(3) medical

Each data handling method is reviewed in view of these questions. Forexample, assume that data handling method “B” is a “top secret” datahandling method that has the data handling requirements of: (1)authenticate a user name and password before providing access to thedata; (2) encrypt the data prior to transmission over a public network;and (3) do not permit downloading of the data. Administrator 40 willreview the possible responses to the questions and select the responsesthat best fits the classification for “top secret” data. Thus, forexample, the most appropriate response to question one is “(3) access ison a need to know basis.” Moreover, since the system being built is abilling system that will collect information for patients, the mostappropriate response to question two is “(3) an individual outside ofthe organization.” Lastly, since the billing system will be used in amedical business context (e.g., organization is a medical office), themost appropriate response to question three is “(3) medical.”Accordingly, the responses selected for data handling method “B” were“3,3,3.” These responses represent the set of coordinate valuescorresponding to the address in MDS 44 where data handling method “B”will be stored. Specifically, data handling method “B” will be stored incell 48 of MDS 44 (FIG. 3) since cell 48 has the set of coordinatevalues (3,3,3).

It should be understood that the questions used to determine the set ofcoordinate values for data handling methods could be obtained manuallyby administrator 40 (e.g., a hard copy outside of computer system 18),or could be automatically generated and presented to administrator 40(e.g., on a computer display) by method value system 60. In the case ofthe latter, the questionnaire could be stored in storage unit 30, andretrieved by method value system 60 for presentation to administrator40. In both cases, method value system 60 would receive the responsesfrom administrator 40, and convert them into the set of coordinatevalues. Once the set of coordinate values has been determined, storagesystem 62 will store the data handling method in the appropriate cell.

Once MDS 44 has been populated with one or more data handling methods,data items 42 can be associated therewith by data item system 34.Referring to FIGS. 2 and 4B collectively, the functionality of data itemsystem 34 will be described in greater detail. As depicted in FIG. 4B,data item system 34 includes data value system 70 and association system72. For each data item to be used in the billing system, data valuesystem 70 will determine a set of coordinate values in a manner similarto method value system 60. Specifically, similar to the data handlingmethods, the set of coordinate values for each data item is determinedusing responses to the questions in the questionnaire. However, thistime, the questions are posed with respect to the data items. Forexample, assume that data item “A” is a social security number.Administrator 40 will answer the three questions set forth above. Forquestion one, since the type of data item is a social security number,which is typically subject to a very high level of security, the mostappropriate response would be “(3) access is on a need to know basis.”Moreover, since the social security numbers collected will be that ofpatients, the most appropriate response to question two is “(3) anindividual outside of the organization.” Lastly, since the socialsecurity numbers will be collected for a medical billing system, themost appropriate response for question three is “(3) medical.”

Accordingly, for data item “A,” the determined set of coordinate valuesis (3,3,3). This means that data item “A” should be associated with alldata handling methods stored at the (3,3,3) address within MDS 44 (e.g.,cell 48). In the example set forth above, data handling method “B,”which corresponds to “top secret” data, was stored at this address. Oncethe set of coordinate values has been determined for data item “A,”association system 72 will associate the set with the data item. In atypical embodiment, the set of coordinate values is appended to the dataitem field/descriptor. As indicated above, the data items are typicallyestablished using extended markup language (XML). This allows the set ofcoordinate values (3,3,3) to be appended to the social security numberdescriptor, which is especially useful when transmitting the data over anetwork such as the Internet. These steps are followed for each dataitem (e.g., names, addresses, etc.) so that each is associated with oneor more particular data handling methods via a set of coordinate values.For example, when a patient record that includes name, social securitynumber, street address, city, state and zip is transmitted in a recordsuch as “John Smith::123-45-6789::3712 Main Street::Anytown::OH::43215,”the record descriptor might appear as follows:

<patient> NAME String(40) UDCM(3,2,1) SSN String(9) UDCM(3,3,3) StreetString(40) UDCM(2,2,3) City String(40) UDCM(2,1,1) State String(2)UDCM(2,1,1) ZIP Integer() UDCM(2,3,1) </patient>The UDCM(X,Y,Z) portions of the patient record correspond to theaddresses in MDS 44 that hold the handling method(s) associated witheach data item.

Once a data item has been associated with one or more particular datahandling methods, security system 36 (shown in FIG. 4C) will ensure thatthe data handling methods are enforced. For example, assume that anindividual in organization 10 wishes to transmit a social securitynumber (via transmission system 38 of FIG. 1) to an individual inorganization 12. Reference system 80 will review the set of coordinatevalues appended to the social security number, and retrieve theassociated data handling method from MDS 44. In this example, referencesystem 80 would retrieve data handling method “B” from cell 48. Onceretrieved, enforcement system 82 will ensure that all data handlingrequirements within the method are enforced. For example, for datahandling method “B,” the second requirement stated: “encrypt the dataprior to transmission over a public network.” Thus, prior totransmission to organization 12, enforcement system 82 will encrypt (orverify encryption of) the social security number.

The present invention thus permits any quantity of data handling methodsto be accommodated without having to rely on individuals withinorganization to remember or look up the precise requirements. Moreover,in a typical embodiment, organizations 12 and 14 will have a securitysystem 36 similar to that of organization 10. This allows the integrityof the data handling methods to be maintained among numerous disparateorganizations. Specifically, because data items are transmitted with aset of coordinate values appended thereto, any organization with accessto MDS 44 (e.g., organizations 12 and 14) can identify, retrieve andenforce the appropriate data handling method. As indicated above,systems created under the teachings of the present invention (e.g., suchas the exemplary billing system described herein) are typicallyimplemented using XML. The use of XML allows a set of coordinate valuesto be appended to the “record” of each data item, and communicated usingXML compatible protocols such as HTTP or SOAP. Thus, if a collection ofdata items is transmitted to organization 12 over the Internet, eachdata item will have a set of coordinate values appended thereto.Organization 12 will receive the data items and appended coordinatevalues, reference MDS 44, and then utilize the coordinate values toretrieve the appropriate data handling methods. Specifically, a securitysystem 36 (not shown) within organization 12 will simply review each setof coordinate values, reference MDS 44 in storage unit 30, and obtainthe appropriate data handling method for each data item. Once retrieved,the data handling methods will be enforced. Accordingly, anyorganization need only have access to MDS 44 to maintain proper datasecurity.

It is understood that the present invention can be realized in hardware,software, or a combination of hardware and software. Any kind ofcomputer/server system(s)—or other apparatus adapted for carrying outthe methods described herein—is suited. A typical combination ofhardware and software could be a general purpose computer system with acomputer program that, when loaded and executed, controls computersystem 18 such it carries out the respective methods described herein.Alternatively, a specific use computer, containing specialized hardwarefor carrying out one or more of the functional tasks of the invention,could be utilized. The present invention can also be embedded in acomputer program product, which comprises all the respective featuresenabling the implementation of the methods described herein, andwhich—when loaded in a computer system—is able to carry out thesemethods. Computer program, software program, program, or software, inthe present context mean any expression, in any language, code ornotation, of a set of instructions intended to cause a system having aninformation processing capability to perform a particular functioneither directly or after either or both of the following: (a) conversionto another language, code or notation; and/or (b) reproduction in adifferent material form.

The foregoing description of the preferred embodiments of this inventionhas been presented for purposes of illustration and description. It isnot intended to be exhaustive or to limit the invention to the preciseform disclosed, and obviously, many modifications and variations arepossible. Such modifications and variations that may be apparent to aperson skilled in the art are intended to be included within the scopeof this invention as defined by the accompanying claims. For example,the various systems shown in memory 22 of computer system 18 aredepicted as shown for illustrative purposes only. It should beappreciated that they could be represented in any quantity of systemsand/or subsystems.

1. A method for classifying and storing a plurality of data handlingmethods to enhance system security, the method comprising: classifyingeach data handling method of the plurality of data handling methodsthrough a set of coordinate values of a matrix in a multidimensionaldata structure by generating the set of coordinate values on a basis ofa plurality of questions in a questionnaire, wherein the set ofcoordinate values are determined using responses to the plurality ofquestions that pertain to each data handling method of the plurality ofdata handling methods, wherein each data handling method of theplurality of data handling methods is a set of data handlingrequirements corresponding to a data classification for a data item, thedata handling requirements including at least one of a group consistingof: authenticating user access, encrypting data prior to transmission,regulating data download and any combination thereof, wherein a numberof dimensions of the matrix is at least three and is determined by anycombination from the data handling requirements; and storing the datahandling methods in a the multidimensional data structure at an addresscorresponding to the set of coordinate values, wherein the classifyingand storing provide an indication of treatment of the data item of aparticular security class.
 2. The method of claim 1, wherein eachpossible response to the plurality of questions corresponds to one of aplurality of coordinate values.
 3. The method of claim 1, wherein thedata handling method comprises a set of data handling requirements. 4.The method of claim 1, further comprising associating the data item withthe data handling method.
 5. The method of claim 4, wherein theassociating comprises: determining additional responses to the pluralityof questions in the questionnaire posed with respect to the data item;using the additional responses to identify the set of coordinate values;and associating the set of the plurality of coordinate values with thedata item.
 6. The method of claim 5, further comprising transmitting thedata item and the set of the plurality of coordinate values associatedwith the data item over a network.
 7. The method of claim 6, furthercomprising using the set of coordinate values associated with the dataitem to reference the data handling method in the multidimensional datastructure.
 8. A system for classifying and storing a plurality of datahandling methods to enhance system security, the system comprising: aprocessor; and a memory, the memory including: a population system forclassifying each data handling method of the plurality of data handlingmethods through a set of coordinate values of a matrix in amultidimensional data structure, wherein each data handling method ofthe plurality of data handling methods is a set of data handlingrequirements corresponding to a data classification for a data item, thedata handling requirements including at least one of a group consistingof: authenticating user access, encrypting data prior to transmission,regulating data download and any combination thereof, wherein a numberof dimensions of the matrix is at least three and is determined by anycombination from the data handling requirements, the population systemcomprising: a method value system for generating the set of coordinatevalues on a basis of a plurality of questions in a questionnaire,wherein the set of coordinate values are determined using responses tothe plurality of questions that pertain to each data handling method ofthe plurality of data handling methods; and a storage system for storingthe data handling methods in the multidimensional data structure at anaddress corresponding to the set of coordinate values, wherein thepopulation system and storage system provide an indication of treatmentof the data item of a particular security class.
 9. The system of claim8, wherein each possible response to the plurality of questionscorresponds to one of a plurality of coordinate values.
 10. The systemof claim 8, wherein the data handling method comprises a set of datahandling requirements.
 11. The system of claim 8, further comprising: adata item value system for determining the set of coordinate valuesusing additional responses to the plurality of questions posed withrespect to a the data item; and an association system for associatingthe data item with the data handling method based on the set ofcoordinate values.
 12. The system of claim 11, further comprising asecurity system for enforcing the data handling method.
 13. A programproduct stored on a computer readable storage medium for classifying andstoring a plurality of data handling methods to enhance system security,which when executed, comprises: program code for classifying each datahandling method of the plurality of data handling methods through a setof coordinate values of a matrix in a multidimensional data structure bygenerating the set of coordinate values on a basis of a plurality ofquestions in a questionnaire, wherein each data handling method of theplurality of data handling methods is a set of data handlingrequirements corresponding to a data classification for a data item, thedata handling requirements including at least one of a group consistingof: authenticating user access, encrypting data prior to transmission,regulating data download and any combination thereof, wherein a numberof dimensions of the matrix is at least three and is determined by anycombination from the data handling requirements, and wherein the set ofcoordinate values are determined using responses to the plurality ofquestions that pertain to each data handling method of the plurality ofdata handling methods; and program code for storing the data handlingmethods in the multidimensional data structure at an addresscorresponding to the set of coordinate values, wherein the program codefor classifying and the program code for storing provide an indicationof treatment of the data item of a particular security class.
 14. Theprogram product of claim 13, wherein each possible response to theplurality of questions corresponds to one of a plurality of coordinatevalues.
 15. The program product of claim 13, wherein the data handlingmethod comprises a set of data handling requirements.
 16. The system ofclaim 13, further comprising: program code for determining the set ofcoordinate values using additional responses to the plurality ofquestions posed with respect to the data item; and program code forassociating the data item with the data handling method based on the setof coordinate values.
 17. The system of claim 16, further comprisingprogram code for enforcing the data handling method.